AMENDMENTS TO THE CLAIMS 
This listing of claims will replace all prior versions and listings of claims in the 
application: 

Listing of Claims: 

1 . (Currently Amended) A method for responding to network intrusions, comprising: 

a) receiving an intrusion detection system (IDS) alert from an IDS sensor located in a 
network of computing resources, wherein said IDS alert indicates an unauthorized intrusion 
upon a remotely located computing resource in said network of computing resources; 

b) identifying said IDS alert; and 

c) determining an appropriate response to said IDS alert that is identified at a location 
separate from said remotely located computing resource so that said determining said 
appropriate response is unaffected by said unauthorized intrusion; and 

d) automatically implementing said appropriate response to mitigate damage to said 
network of computing resources from said unauthorized intrusion by isolating said remotely 
located computing resource , wherein said implementing said appropriate response comprises 
interfacing with a power controller that controls power to said computing resource to shut 
power to said computing resource . 

2. (Original) The method of Claim 1, wherein a) further comprises: 
al) detecting a suspicious intrusion into said computing resource; 
a2) determining said suspicious intrusion is unauthorized; 

a3) generating said IDS alert; and 
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a4) sending said IDS alert to an IDS manager that is located remotely from said 
computing resource within said network of computing resources. 

3. (Original) The method of Claim 2, wherein a2) further comprises: 
determining said suspicious intrusion is unauthorized when said suspicious intrusion 

matches with at least one of a list of unauthorized intrusions. 

4. (Original) The method of Claim 2, wherein al) comprises: 

detecting said suspicious intrusion at a host-based intrusion detection system (HIDS) 
sensor located on said computing resource. 

5. (Original) The method of Claim 2, wherein al) comprises: 

detecting said suspicious intrusion at a network-based intrusion detection system 
(NIDS) sensor located within said network of computing resources. 

6. (Canceled) 

7. (Original) The method of Claim 1, wherein d) further comprises: 

dl) interfacing with at least one switch, an associated switch, in said network of 
computing resources to virtually reconfigure said associated switch in order to virtually isolate 
said computing resource from remaining computing resources in said network of computing 
resources. 
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8. (Original) The method of Claim 7, wherein said associated switch comprises an 
Ethernet switch. 

9. (Original) The method of Claim 7, wherein said associated switch comprises a 
Storage Area Network (SAN) switch. 

10. (Original) The method of Claim 7, wherein said at least one switch comprises a 
SAN switch and an Ethernet switch. 

1 1. (Original) The method of Claim 1, wherein said network of computing resources 
comprises a provisional data center. 

12. (Original) A method for responding to network intrusions, comprising: 

a) receiving an intrusion detection system (IDS) alert from an IDS sensor in a network 
of computing resources at a location separate from an infected computing resource, wherein 
said IDS alert indicates an unauthorized intrusion upon said infected computing resource in 
said network of computing resources, wherein implementation of a response to said IDS alert 
is unaffected by said unauthorized intrusion; 

b) responding to said IDS alert by automatically interfacing with at least one switch in 
said network of computing resources to virtually reconfigure said at least one switch, an 
associated switch, in order to virtually isolate said computing resource from remaining 
computing resources in said network of computing resources; and 
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c) responding to said IDS alert by automatically interfacing with a power controller 
that controls power to said computing resource to shut power to said computing resource. 



13. (Original) The method of Claim 12, wherein a) further comprises: 
al) detecting a suspicious intrusion into said computing resource; 
a2) determining said suspicious intrusion is unauthorized; 

a3) generating said IDS alert; and 

a4) sending said IDS alert to an IDS manager that is located remotely from said 
computing resource within said network of computing resources. 

14. (Original) The method of Claim 13, wherein a2) further comprises: 
determining said suspicious intrusion is unauthorized when said suspicious intrusion 

matches with at least one of a list of unauthorized intrusions. 

15. (Original) The method of Claim 13, wherein al) comprises: 

detecting said suspicious intrusion at a host-based intrusion detection system (HIDS) 
sensor located on said computing resource. 

16. (Original) The method of Claim 13, wherein al) comprises: 

detecting said suspicious intrusion at a network-based intrusion detection system 
(NIDS) sensor located within said network of computing resources. 

17. (Original) The method of Claim 12, wherein said network of computing resources 
comprises a provisional data center. 

Serial No. 10/678,333 Art Unit 2432 

Examiner: Lemma, Samson B. - 5 - 200310100-1 



18. (Original) The method of Claim 12, wherein said switch couples said computing 
resource to a virtual local area network. 

19. (Original) The method of Claim 12, wherein said switch comprises an Ethernet 

switch. 

20. (Original) The method of Claim 12, wherein said associated switch comprises a 
Storage Area Network (SAN) switch. 

21. (Original) The method of Claim 12, wherein said at least one switch comprises a 
SAN switch and an Ethernet switch. 

22. (Original) The method of Claim 12, wherein further comprising: 
automatically interfacing with said associated switch in said network of computing 

resources; and 

automatically interfacing with said power controller. 

23. (Currently Amended) A computer system comprising: 

a bus for communicating information associated with a method for responding to 
network intrusions; 

a processor coupled to said bus for processing said information associated with said 
method for responding to network intrusions; and 
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a computer readable memory coupled to said processor containing program 
instructions, that when executed by said processor, implement said method for responding to 
network intrusions, comprising: 

a) receiving an intrusion detection system (IDS) alert from an IDS sensor located in a 
network of computing resources, wherein said IDS alert indicates an unauthorized intrusion 
upon a remotely located computing resource in said network of computing resources; 

b) identifying said IDS alert; and 

c) determining an appropriate response to said IDS alert that is identified at a 
location separate from said remotely located computing resource so that said determining 
said appropriate response is unaffected by said unauthorized intrusion; and 

d) automatically implementing said appropriate response to mitigate damage to said 
network of computing resources from said unauthorized intrusion by isolating said remotely 
located computing resource , wherein said implementing said appropriate response comprises 
interfacing with at least one switch, an associated switch, in said network of computing 
resources to virtually reconfigure said associated switch in order to virtually isolate said 
computing resource from remaining computing resources in said network of computing 
resources. 



24. (Original) The computer system of Claim 23, wherein a) in said method further 
comprises: 

al) detecting a suspicious intrusion into said computing resource; 

a2) determining said suspicious intrusion is unauthorized; 

a3) generating said IDS alert; and 
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a4) sending said IDS alert to an IDS manager that is located remotely from said 
computing resource within said network of computing resources. 

25. (Original) The computer system of Claim 24, wherein a2) in said method further 
comprises: 

determining said suspicious intrusion is unauthorized when said suspicious intrusion 
matches with at least one of a list of unauthorized intrusions. 

26. (Original) The computer system of Claim 24, wherein al) in said method 
comprises: 

detecting said suspicious intrusion at a host-based intrusion detection system (HIDS) 
sensor located on said computing resource. 

27. (Original) The computer system of Claim 24, wherein al) in said method 
comprises: 

detecting said suspicious intrusion at a network-based intrusion detection system 
(NIDS) sensor located within said network of computing resources. 

28. (Original) The computer system of Claim 23, wherein d) in said method further 
comprises: 

dl) interfacing with a power controller that controls power to said computing resource 
to shut power to said computing resource. 

29. (Canceled) 
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30. (Currently Amended) The computer system of Claim [[29]] 23, wherein said 
associated switch comprises an Ethernet switch. 

3 1 . (Currently Amended) The computer system of Claim [[29]] 23, wherein said 
associated switch comprises a Storage Area Network (SAN) switch. 

32. (Currently Amended) The computer system of Claim [[29]] 23, wherein said at 
least one switch comprises a SAN switch and an Ethernet switch. 

33. (Currently Amended) The computer system of Claim [[29]] 23, wherein said 
network of computing resources comprises a provisional data center. 
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